Code Scanning Query Pack Generation #3269
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code Scanning Query Pack Generation | |
on: | |
merge_group: | |
types: [checks_requested] | |
pull_request: | |
branches: | |
- main | |
- next | |
- "rc/**" | |
push: | |
branches: | |
- main | |
- next | |
- "rc/**" | |
env: | |
XARGS_MAX_PROCS: 4 | |
jobs: | |
prepare-code-scanning-pack-matrix: | |
name: Prepare CodeQL Code Scanning pack matrix | |
runs-on: ubuntu-22.04 | |
outputs: | |
matrix: ${{ steps.export-code-scanning-pack-matrix.outputs.matrix }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Export Code Scanning pack matrix | |
id: export-code-scanning-pack-matrix | |
run: | | |
echo "matrix=$( | |
jq --compact-output '.supported_environment | {include: .}' supported_codeql_configs.json | |
)" >> $GITHUB_OUTPUT | |
create-code-scanning-pack: | |
name: Create Code Scanning pack | |
needs: prepare-code-scanning-pack-matrix | |
runs-on: ubuntu-latest-xl | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON(needs.prepare-code-scanning-pack-matrix.outputs.matrix) }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Cache CodeQL | |
id: cache-codeql | |
uses: actions/cache@v4 | |
with: | |
path: ${{ github.workspace }}/codeql_home | |
key: codeql-home-${{ matrix.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library }} | |
- name: Install CodeQL | |
if: steps.cache-codeql.outputs.cache-hit != 'true' | |
uses: ./.github/actions/install-codeql | |
with: | |
codeql-cli-version: ${{ matrix.codeql_cli }} | |
codeql-stdlib-version: ${{ matrix.codeql_standard_library }} | |
codeql-home: ${{ github.workspace }}/codeql_home | |
add-to-path: false | |
- name: Install CodeQL packs | |
uses: ./.github/actions/install-codeql-packs | |
with: | |
cli_path: ${{ github.workspace }}/codeql_home/codeql | |
- name: Determine ref for external help files | |
id: determine-ref | |
run: | | |
if [[ $GITHUB_EVENT_NAME == "pull_request" ]]; then | |
EXTERNAL_HELP_REF="${{ github.event.pull_request.base.ref }}" | |
elif [[ $GITHUB_EVENT_NAME == "merge_group" ]]; then | |
EXTERNAL_HELP_REF="${{ github.event.merge_group.base_ref }}" | |
else | |
EXTERNAL_HELP_REF="$GITHUB_REF" | |
fi | |
echo "EXTERNAL_HELP_REF=$EXTERNAL_HELP_REF" >> "$GITHUB_ENV" | |
echo "Using ref $EXTERNAL_HELP_REF for external help files." | |
- name: Checkout external help files | |
id: checkout-external-help-files | |
uses: actions/checkout@v4 | |
with: | |
ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }} | |
repository: "github/codeql-coding-standards-help" | |
ref: ${{ env.EXTERNAL_HELP_REF }} | |
path: external-help-files | |
- name: Include external help files | |
if: steps.checkout-external-help-files.outcome == 'success' | |
run: | | |
pushd external-help-files | |
find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \; | |
popd | |
- name: Pre-compiling queries | |
env: | |
CODEQL_HOME: ${{ github.workspace }}/codeql_home | |
run: | | |
PATH=$PATH:$CODEQL_HOME/codeql | |
# Precompile all queries, and use a compilation cache larger than default | |
# to ensure we cache all the queries for later steps | |
codeql query compile --precompile --threads 0 --compilation-cache-size=1024 cpp c | |
cd .. | |
zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/schemas | |
- name: Upload GHAS Query Pack | |
uses: actions/upload-artifact@v4 | |
with: | |
name: code-scanning-cpp-query-pack.zip | |
path: code-scanning-cpp-query-pack.zip | |
- name: Create qlpack bundles | |
env: | |
CODEQL_HOME: ${{ github.workspace }}/codeql_home | |
run: | | |
PATH=$PATH:$CODEQL_HOME/codeql | |
codeql pack bundle --output=common-cpp-coding-standards.tgz cpp/common/src | |
codeql pack bundle --output=common-c-coding-standards.tgz c/common/src | |
codeql pack bundle --output=misra-c-coding-standards.tgz c/misra/src | |
codeql pack bundle --output=cert-c-coding-standards.tgz c/cert/src | |
codeql pack bundle --output=cert-cpp-coding-standards.tgz cpp/cert/src | |
codeql pack bundle --output=autosar-cpp-coding-standards.tgz cpp/autosar/src | |
codeql pack bundle --output=misra-cpp-coding-standards.tgz cpp/misra/src | |
codeql pack bundle --output=report-coding-standards.tgz cpp/report/src | |
- name: Upload qlpack bundles | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coding-standards-codeql-packs | |
path: '*-coding-standards.tgz' |